From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 7742 invoked by alias); 6 Oct 2006 00:36:43 -0000 Received: (qmail 7716 invoked by uid 48); 6 Oct 2006 00:36:35 -0000 Date: Fri, 06 Oct 2006 00:36:00 -0000 From: "pasky at suse dot cz" To: glibc-bugs@sources.redhat.com Message-ID: <20061006003634.3313.pasky@suse.cz> Reply-To: sourceware-bugzilla@sourceware.org Subject: [Bug libc/3313] New: madvise(M_MXFAST,0) sets up a crash X-Bugzilla-Reason: CC Mailing-List: contact glibc-bugs-help@sourceware.org; run by ezmlm Precedence: bulk List-Subscribe: List-Post: List-Help: , Sender: glibc-bugs-owner@sourceware.org X-SW-Source: 2006-10/txt/msg00026.txt.bz2 List-Id: When a program calls madvise(M_MXFAST, 0), it will crash the next time it tries to do some memory allocation or get into an infinite loop when it remadvises M_MXFAST to some other value. The problem probably stems from the handling of the first two "unindexable" bins (although I'm not sure right now how are they unindexable) - madvise(M_MXFAST, 0) will set the max_fast to SMALLBIN_WIDTH but fastbin_index(SMALLBIN_WIDTH) == -1, which ain't any good when you use that as an index to the buckets array. -- Summary: madvise(M_MXFAST,0) sets up a crash Product: glibc Version: unspecified Status: NEW Severity: normal Priority: P2 Component: libc AssignedTo: drepper at redhat dot com ReportedBy: pasky at suse dot cz CC: glibc-bugs at sources dot redhat dot com http://sourceware.org/bugzilla/show_bug.cgi?id=3313 ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.